Solved

Meaning of CVE tag in Immediate Threats

  • 10 November 2023
  • 2 replies
  • 46 views


What is the meaning of the CVE tag in Immediate Threats? For example, for "Suspected Exploitation of Apache ActiveMQ CVE-2023-46604", there is a threat, but it only checks the WebGateway and EDR with the IoCs included in the research, not checking the security controls that are in place to detect exploitation of the vulnerability.


Best answer by moshe_elias 13 November 2023, 08:08


2 replies


Hi, the CVE tag has benefits in security control validation and patch prioritization if the CVE exists in your environment:

  1. It answers the question: do my security controls block malware in a specific Immediate Threat that exploits the CVE?
  2. In the ATTACK BASED VULNERABILITY MANAGEMENT dashboard you can see the Immediate Threats and advanced scenarios related to the CVE, for further visibility on the level of your org's protection from it being exploited.

Hi, the CVE tag has benefits in security control validation and patch prioritization if the CVE exists in your environment:

  1. It answers the question: do my security controls block malware in a specific Immediate Threat that exploits the CVE?
  2. In the ATTACK BASED VULNERABILITY MANAGEMENT dashboard you can see the Immediate Threats and advanced scenarios related to the CVE, for further visibility on the level of your org's protection from it being exploited.

But the malware samples are only dropped. I don't test whether my security controls block malware that exploits that CVE; I test whether my security controls block that specific sample of malware that exploits the CVE.
